[英]Access host docker-machine from within container
I have an image that I'm using to run my CI/CD builds (using GitLab CE). 我有一个用于运行CI / CD构建的映像(使用GitLab CE)。 I'd like to deploy my app doing something like this from within the container: 我想在容器中部署执行以下操作的应用程序:
eval "$(docker-machine env manager)"
sudo docker stack deploy --compose-file docker-stack.yml web
However, I'd like the docker-machine to access machines defined on the host system since the container will be destroyed and I don't want to include access details in the image. 但是,我希望docker-machine访问主机系统上定义的机器,因为容器将被破坏,并且我不想在映像中包括访问详细信息。
I've tried a few things 我已经尝试了几件事
Accessing the Remote Host via docker-machine
通过docker-machine
访问远程主机
MACHINE_STORAGE_PATH
so that it is available to the container 在主机上创建docker-machine并挂载MACHINE_STORAGE_PATH
以便容器可以使用它 MACHINE_STORAGE_PATH
equal to a mounted volume 从容器内手动连接到远程docker-machine并将MACHINE_STORAGE_PATH
设置为等于已安装的卷 In both cases, I can see the machine storage is persisted, but whenever I create a new container and run docker-machine ls
none of the machines are listed. 在这两种情况下,我都可以看到机器存储仍然存在,但是每当我创建一个新容器并运行docker-machine ls
都不会列出任何机器。
Accessing the Remote Host via DOCKER_HOST
通过DOCKER_HOST
访问远程主机
docker-machine ssh manager-1 -N -L 2376:localhost:2376
将远程机器docker端口转发到主机docker端口docker-machine ssh manager-1 -N -L 2376:localhost:2376
export DOCKER_HOST=:2376
export DOCKER_TLS_VERIFY=1
and export DOCKER_CERT_PATH=/Users/me/.docker/machine/machines/manager-1
告诉docker使用与export DOCKER_TLS_VERIFY=1
-machine相同的证书: export DOCKER_TLS_VERIFY=1
和export DOCKER_CERT_PATH=/Users/me/.docker/machine/machines/manager-1
docker info
使用docker info
测试 This gives me error during connect: Get https://localhost:2376/v1.26/info: x509: certificate signed by unknown authority
这error during connect: Get https://localhost:2376/v1.26/info: x509: certificate signed by unknown authority
给我error during connect: Get https://localhost:2376/v1.26/info: x509: certificate signed by unknown authority
Any ideas on how I can perform a remote deployment from within a container? 关于如何从容器内执行远程部署的任何想法?
Thanks 谢谢
EDIT 编辑
Here is a diagram to try and help better communicate the scenario. 这是一个尝试并帮助更好地传达方案的图表。
Don't use docker-machine for this. 请勿为此使用docker-machine。
Docker-machine stores files in $HOME/.docker/machine, so when you restart with a fresh copy of this folder, all previously defined machines will be removed. Docker机器将文件存储在$ HOME / .docker / machine中,因此当您使用该文件夹的新副本重新启动时,所有先前定义的机器将被删除。 You could store this folder as a volume, but there's a much easier way for your purposes. 您可以将该文件夹存储为卷,但是有一种更简单的方法可以实现您的目的。
The solution is to mount the docker socket, and either as root or from a user with the same gid as the docker socket (note that group names themselves inside and outside the container may not match, so gid is important), run your docker ...
commands as normal. 解决方案是安装docker套接字,并以root身份或来自与docker套接字具有相同gid的用户(请注意,容器内部和外部的组名称本身可能不匹配,因此gid很重要),运行docker ...
命令正常。 You can skip the docker-machine
eval completely since you are running the commands against the local docker socket. 您可以完全跳过docker-machine
eval,因为您是针对本地docker套接字运行命令。
If you need to run commands remotely, I find it easier to define the DOCKER_HOST
and DOCKER_TLS_VERIFY
variables manually rather than using docker-machine
. 如果您需要远程运行命令,我发现手动定义DOCKER_HOST
和DOCKER_TLS_VERIFY
变量比使用DOCKER_TLS_VERIFY
docker-machine
更容易。
In case you want to communicate from your CI container to the Docker host you can simply mount the Docker socket when starting the CI container: 如果您想从CI容器与Docker主机进行通信,则可以在启动CI容器时简单地安装Docker套接字:
docker run -v /var/run/docker.sock:/var/run/docker.sock <gitlab-image>
Now you can run docker commands on the host from within the CI container. 现在,您可以在CI容器中的主机上运行docker命令。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.